From: Kirk Strauser
To: freebsd-questions@freebsd.org
Subject: Re: Virtual Private Servers/Jails
Date: 03 Dec 2002 19:49:50 -0600
Message-ID: <87k7iqzh6p.fsf@pooh.honeypot.net>
In-Reply-To: <20021203193834.X471-100000@server.simon1.net>

At 2002-12-04T01:33:02Z, Simon1 writes:

> 4) Needed utilities and commands. (Call it my wishlist)
>    1) A way to list jails.
>    2) A way to list processes BY jail, and a way to show (host side)
>       which jail a process belongs to.
>    3) jail halt, jail restart commands to close out the jail, and
>       possibly restart it.

My JailAdmin program (at
http://subwiki.honeypot.net/cgi-bin/view/Freebsd/JailAdmin) handles those
functions. For example:

root@kanga:/home/kirk# jailadmin status all
Server: vserver1
USER    PID %CPU %MEM   VSZ   RSS  TT  STAT STARTED     TIME COMMAND
root  23688  0.0  0.1   944   532  ??  SsJ  Mon10AM  0:00.21 /usr/sbin/syslogd -a 127.0.0.1/8
root  23695  0.0  0.1  1056   428  ??  IsJ  Mon10AM  0:00.00 /usr/sbin/inetd -wWl
root  23697  0.0  0.1   984   452  ??  IsJ  Mon10AM  0:00.30 /usr/sbin/cron
root  23699  0.0  0.2  2852  1440  ??  IsJ  Mon10AM  0:00.66 /usr/sbin/sshd

Server: vserver2
USER    PID %CPU %MEM   VSZ   RSS  TT  STAT STARTED     TIME COMMAND
root    573  0.0  0.1   952   500  ??  SsJ  Mon09AM  0:01.37 /usr/sbin/syslogd -a 127.0.0.1/8
root    581  0.0  0.1  1064   476  ??  IsJ  Mon09AM  0:00.03 /usr/sbin/inetd -wWl
root    583  0.0  0.1   988   476  ??  IsJ  Mon09AM  0:00.36 /usr/sbin/cron
root    585  0.0  0.1  2852  1052  ??  IsJ  Mon09AM  0:00.51 /usr/sbin/sshd
root    893  0.0  0.2  2788  1364  ??  IsJ  Mon09AM  0:00.06 sendmail: Queue runner@00:30:00 for /var/spool/mqueue (sendmail)
smmsp   896  0.0  0.2  2664  1260  ??  IsJ  Mon09AM  0:00.05 sendmail: Queue runner@00:30:00 for /var/spool/clientmqueue (sendmail)
news  22029  0.0  0.7  5536  5232  ??  IsJ  7:19PM   0:00.78 (leafnode)

Server: vserver3
USER    PID %CPU %MEM   VSZ   RSS  TT  STAT STARTED     TIME COMMAND
root    671  0.0  0.1   944   492  ??  SsJ  Mon09AM  0:00.24 /usr/sbin/syslogd -a 127.0.0.1/8
root    678  0.0  0.1  1040   432  ??  IsJ  Mon09AM  0:00.00 /usr/sbin/inetd -wWl
root    680  0.0  0.1   976   484  ??  IsJ  Mon09AM  0:00.43 /usr/sbin/cron
root    682  0.0  0.1  2852  1012  ??  IsJ  Mon09AM  0:00.64 /usr/sbin/sshd
root   1002  0.0  0.1  1052   564  ??  IJ   Mon09AM  0:00.00 cron: running job (cron)
1100   1009  0.0  0.1  2688  1148  ??  IsJ  Mon09AM  0:00.02 /usr/sbin/sendmail -FCronDaemon -odi -oem -oi -t
1100   1051  0.0  2.8 95876 21856  ??  SJ   Mon09AM 90:21.23 /usr/local/jdk1.3.1/bin/i386/green_threads/java freenet.node.Main

Stopping an individual jail:

root@kanga:/home/kirk# jailadmin stop vserver1
Stopping server vserver1...
Sending signal TERM to all processes in the jail
Waiting 5 seconds to check success...

Starting an individual jail:

root@kanga:/home/kirk# jailadmin start vserver1
Starting server vserver1...
Skipping disk checks ...
Doing initial network setup:.
ifconfig: ioctl (SIOCDIFADDR): permission denied
lo0: flags=8049 mtu 16384
Additional routing options: tcp extensions=NOsysctl: net.inet.tcp.rfc1323: Operation not permitted
TCP keepalive=YESsysctl: net.inet.tcp.always_keepalive: Operation not permitted
.
Routing daemons:.
Additional daemons: syslogd.
Doing additional network setup:.
Starting final network daemons:.
ELF ldconfig path: /usr/lib /usr/lib/compat /usr/X11R6/lib /usr/local/lib
a.out ldconfig path: /usr/lib/aout /usr/lib/compat/aout /usr/X11R6/lib/aout
Starting standard daemons: inetd cron sshd.
Initial rc.i386 initialization:.
Additional ABI support:.
Local package initialization: pgsql apache jabberd mysqld Zope.
Additional TCP options:.
Wed Dec 4 01:43:08 GMT 2002

The version I finished yesterday has provisions for automatically mounting a
(list of) filesystem(s) before starting the jail, and umounting them (in
reverse order) after stopping the jail. I did this to simplify sharing
/usr/ports/distfiles via NFS from the host environment among all of the jail
environments:

root@kanga:/home/kirk# cat /usr/local/etc/jailadmin.conf
jaildir=/usr/export

vserver1
ip: 10.0.0.32
hostname: virtual1.honeypot.net
mount: /usr/ports/distfiles

JailAdmin comes with a few other features, such as an SNMP module for the
'net-snmp' port, allowing Cricket, MRTG, etc. to graph statistics from the
jails on a given server. Right now, the module only returns a minimal amount
of information (IP, hostname, number of loaded processes, etc.), but I wrote
it with expandability in mind.

-- 
Kirk Strauser
In Googlis non est, ergo non est.
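
Added example (not part of the message above and not JailAdmin's own code): a host-side summary of `jailadmin status all` output, giving per jail the process count, the number of non-root processes, and the number of listed processes whose ps STAT field lacks the J flag that marks a jailed process. The function names and the sample text are constructed for illustration; the layout is assumed to match the output quoted in the message.

```shell
#!/bin/sh
# Added example: summarise `jailadmin status all` output per jail.
# Assumes the layout quoted in the message: a "Server: NAME" line, a ps
# header starting with USER, then one ps line per process (STAT = field 8).

# Constructed sample, abbreviated from the output quoted in the message;
# the last line (no J flag) is made up to exercise the unjailed check.
sample_status() {
cat <<'EOF'
Server: vserver1
USER    PID %CPU %MEM   VSZ   RSS  TT  STAT STARTED     TIME COMMAND
root  23688  0.0  0.1   944   532  ??  SsJ  Mon10AM  0:00.21 /usr/sbin/syslogd -a 127.0.0.1/8
root  23699  0.0  0.2  2852  1440  ??  IsJ  Mon10AM  0:00.66 /usr/sbin/sshd
Server: vserver3
USER    PID %CPU %MEM   VSZ   RSS  TT  STAT STARTED     TIME COMMAND
root    682  0.0  0.1  2852  1012  ??  IsJ  Mon09AM  0:00.64 /usr/sbin/sshd
1100   1051  0.0  2.8 95876 21856  ??  SJ   Mon09AM 90:21.23 /usr/local/jdk1.3.1/bin/i386/green_threads/java freenet.node.Main
root    999  0.0  0.1   900   400  ??  Ss   Mon09AM  0:00.01 /bin/sh
EOF
}

# jail_summary: reads status output on stdin, prints one line per jail:
#   NAME procs=N nonroot=N unjailed=N
jail_summary() {
    awk '
        $1 == "Server:" { jail = $2; if (!(jail in n)) order[++k] = jail; n[jail] += 0; next }
        $1 == "USER" || NF < 11 || jail == "" { next }   # skip headers and blanks
        { n[jail]++
          if ($1 != "root") nonroot[jail]++              # owner is field 1
          if ($8 !~ /J/)    unjailed[jail]++ }           # J in STAT = jailed
        END { for (i = 1; i <= k; i++) { j = order[i]
              printf "%s procs=%d nonroot=%d unjailed=%d\n", j, n[j], nonroot[j], unjailed[j] } }
    '
}

# pids_in_jail NAME: print the PIDs listed under one jail, one per line.
pids_in_jail() {
    awk -v want="$1" '
        $1 == "Server:" { cur = $2; next }
        $1 != "USER" && NF >= 11 && cur == want { print $2 }
    '
}

sample_status | jail_summary
```

On a live host the same functions read real output, for example `jailadmin status all | jail_summary`.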